惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Palo Alto Networks Blog
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
GbyAI
GbyAI
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
量子位
T
The Blog of Author Tim Ferriss
Y
Y Combinator Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
CERT Recently Published Vulnerability Notes
Recent Announcements
Recent Announcements
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
P
Proofpoint News Feed
NISL@THU
NISL@THU
博客园 - Franky
C
Cybersecurity and Infrastructure Security Agency CISA
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
F
Full Disclosure
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
D
Docker
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
Help Net Security
Help Net Security
V
Visual Studio Blog
小众软件
小众软件
B
Blog
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic

Ctrl-Alt-Intel

Burnt by Burgers: Highlighting Void Blizzard’s Russian State Links Chinese actor compromises thousands of Wordpress sites South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940) Watch Guard! Qilin affiliate exploits network appliances for initial access KongTuke on compromised WordPress sites, DDOS Botnets and Cybercriminal Feuds Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis Supply-Chain Attacks, TP-Link devices & a pair of socks The BuddyBoss Attack: Claude’s Supply-Chain Attack The BuddyBoss Attack: Full Incident Analysis Inside the UPMI Phishing-as-a-Service Platform FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops MuddyWater Exposed: Inside an Iranian APT operation Investigating Suspected DPRK-Linked Crypto Intrusions Diesel Vortex: Exploring connections to Russian LLCs Aeternum Loader: When your C2 lives forever Aeternum Loader: Inside the binary ErrTraffic Under the Hood: A look at the source code
Wordpress Exploitation Exposure Checker
Ctrl-Alt-Intel · 2026-06-22 · via Ctrl-Alt-Intel

Check a domain or IP address

This browser-based checker determines whether a domain name or IP address appeared in the exploitation evidence reviewed by Ctrl-Alt-Intel in our blog Chinese actor compromises thousands of Wordpress sites. Results are separated into four evidence levels:

  • Targeted - present in a vulnerability-specific target list.
  • Suspected - scanner-positive behavior was recorded, but executable access was not verified.
  • Validated - an upload or later verification succeeded, with weaker proof than the confirmed tier.
  • Confirmed - strict marker, command output, arithmetic proof, or authenticated web-shell evidence was recorded.

The value entered below is normalized and hashed inside the browser. It is compared against a static, hash-prefix lookup table; the entered domain or IP address is not sent to a lookup service.

Interpreting the result

A match does not necessarily mean the website remains compromised today. It means the supplied domain or IP address appears in the preserved local evidence at the stated confidence level.

Where available, the checker provides:

  • the associated CVE or locally documented exploitation chain;
  • the strongest observed status;
  • specific web-shell paths;
  • vulnerability-specific remediation guidance; and
  • practical hunting suggestions.

A no match result only means the normalized value was absent from this dataset. It is not proof that the site was never scanned, targeted, exploited, or compromised.

Threat Hunting

File and path indicators

Recurring filenames include:

.bd.php
.wp-log.php
.sys_log.php
sfl_bk.php
.auto.php
.sd.php
.sd_*.php
.leo_??????????.php
.brq-*.php
.wvp-*.php
.cc-*.php
.nf-log.php

Recurring directories include:

/wp-content/uploads/breeze/gravatars/
/wp-content/uploads/trx_addons/
/wp-content/cache/berqwp/
/wp-content/uploads/simple-file-list/
/wp-content/uploads/ninja-forms/

Request indicators

Search web logs for:

/wp-content/plugins/simple-file-list/ee-upload-engine.php
/wp-content/plugins/simple-file-list/ee-file-engine.php
/wp-content/plugins/berqwp/store_javascript_cache.php
/wp-json/gutenkit/v1/install-active-plugin
/wp-json/hc/v1/themehunk-import

Search admin-ajax.php bodies for:

beplus_import_pack_install_plugin
breeze_fetch_gravatar
fetch_gravatar_from_remote
trx_addons_uploads_save_data
nf_upload_file
nf_fu_upload
gfmu-plupload-submit
fc_ajax_call
waveplayer_create_local_copy
wpbookit_add_booking_type
dnd_codedropz_upload
sneeit_articles_pagination